Emergency Crypto Theft Warning Issued For Billions Of Android And iPhone Users—Coinbase And Metamask Attacks Underway

iPhone and Android users could be at risk of having their crypto stolen by a “sophisticated malicious cryptocurrency scheme,” according to new research.

Subscribe now to Forbes’ CryptoAsset & Blockchain Advisor and successfully navigate the latest crypto price rally

Malicious apps are being distributed through fake websites, mimicking legitimate wallet services such as Metamask and Coinbase, analysts from cybersecurity research company ESET found.

Want to stay ahead of the market and understand the latest crypto news? Sign up now for the free CryptoCodexA daily newsletter for crypto investors and the crypto-curious

“You should pick carefully which mobile app to use for managing your funds,” Lukáš Štefanko, the ESET researcher who discovered the scheme, said in a statement, adding that with the price of bitcoin and other major cryptocurrencies down significantly from their all-time highs “this might be a time either to panic and withdraw funds.”

Crypto prices peaked late last year and have dropped sharply in recent months even as crypto holders brace for a $10 trillion earthquake.

The crypto price slump hasn’t put off hackers, however. ESET found dozens of fake websites are being used by hackers with ads placed on legitimate sites using misleading articles as well as Telegram and Facebook being used to distribute the malicious apps.

So far, ESET found the scheme is mainly targeting iPhone and Android users of the likes of Coinbase and Metamask in China but researchers said they expect these techniques to spread to other markets.

“These malicious apps also represent another threat to victims, as some of them send secret victim seed phrases to the attackers’ server using an unsecured HTTP connection,” said Štefanko. “This means that victims’ funds could be stolen not only by the operator of this scheme but also by a different attacker eavesdropping on the same network.”

Earlier this month, the European Union’s securities, banking and insurance watchdogs issued a joint warning that cryptocurrency investors could lose all their money could fall prey to scams, echoing similar warnings from U.S. regulators are lawmakers.

“Consumers face the very real possibility of losing all their invested money if they buy these assets,” the three EU authorities said in a statement, adding buyers “should be alert to the risks of misleading advertisements, including via social media and influencers.”

Source: https://www.forbes.com/sites/billybambrough/2022/03/29/emergency-crypto-theft-warning-issued-for-billions-of-android-and-iphone-users-coinbase-and-metamask-attacks-underway/